Build up a function to secure a text box

If you run a web site, one of the things you should have in mind is security. Your site's security or insecurity is due in part to text boxes. If you allow your website users to send information, you have to use forms and consequently text boxes.

As data passes from one page to another, especially from a page to a database as part of a query, your website may be attacked.

Your site is exposed to anything from simple, yet quite annoying, forum/guest book alteration via JavaScript to devastating SQL injection. Once one of those happens, the damage is done.

What can be done to prevent this, completely or in part? Create a securing function for your forms, and especially for the text boxes.

First of all, why a function? Simply because creating a function is a way to save time, avoid typing errors and reduce the lines of code of your site. Enough, ya?

All functions have this syntax

function function_name($optional_value/s);

We have to write at least a few lines of code to tell our function what to do.

For our purposes we'll call our function secured. Our function has to work with only one value; in case of multiple values, they have to be written as comma-separated values.

function function_name($optional_value1, $optional_value2);

So this will be our first line of code

<?php
function secured($val)

To complete our script we'll use some of the great PHP built-in functions:
strip_tags(), stripslashes(), trim() and a great function known as escapeshellcmd()

strip_tags() removes all HTML and PHP tags; allowed tags have to be declared

example:
strip_tags($val, "<b>");

trim() instead is a simple yet useful function that cuts spaces at the beginning and the end of your input data, including (that's the tricky part) return characters, paragraph breaks, tabulation and so on.

example:
trim($val);

strlen() generates an integer that indicates the number of characters contained in a string

example:
strlen($val);

<?php

echo strlen("Hello");

?>


Functions can be nested; this syntax is allowed

example:
strip_tags(trim($val));

Note: if you want to create a text box to store data into a database, you should use the addslashes() and stripslashes() functions too. addslashes() is useful to insert into a database problematic characters such as * ? ' /. Then use stripslashes() when you want to recall your data from the database.

Since a way to create damage is sometimes tied to string length, we'll prevent this using an if/else statement that lets the input through only if the string is shorter than a certain value.

<?php
function secured($val)
{
if(empty($val) or strlen($val) > 40)
{
return false;
} else {

If the text input of our text box is longer than 40 characters (edit with a value of your choice), our function will stop the process.

The first part of the if/else statement is complete. Now let's create the second one, knowing that functions can be nested.

$val = strip_tags(
trim(($val)
)
)
;

These few lines of code could be written as one, but for convenience they are separated to show where each function starts and ends. Pay attention to the syntax too, with a look at the brackets.

$val = escapeshellcmd($val);
return stripslashes($val);
}
}

Finally, escapeshellcmd() will cut away all the attempts to use our text box to call a mysql command. return tells our function that we want the value of $val back, but without printing anything.

stripslashes() removes the \ character from in front of * ? / and so on.

This is the function complete:

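<?php
function secured($val)
{
    // Reject empty input and anything longer than 40 characters
    if (empty($val) or strlen($val) > 40)
    {
        return false;
    } else {
        // Cut surrounding whitespace, then remove HTML and PHP tags
        $val = strip_tags(
            trim($val)
        );

        $val = escapeshellcmd($val);
        return stripslashes($val);
    }
}
?>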

So, using this function is simple. Any text box has a name; this is the HTML code:
ex. <input name="securityscript" type="text" id="securityscript">

When the user clicks the send button, the text box has a value. All you have to do is filter that value by calling the function this way.

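if (isset($_POST['Submit']))
{
// register_globals no longer exists, so read the field from $_POST
// (this assumes the form is sent with method="post")
$securityscript = secured($_POST['securityscript']);
// $securityscript now holds the filtered text, or false if the input was rejected
// rest of your code
}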

If you want to test this script, type a text of your choice and it'll be shown normally. Then try with something like <img> or any tag you like. If nothing happens, this means that your input has been filtered and removed by the function.
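
An added example, not part of the original tutorial: the same text-box check with each defence applied at the point where the data is used. escapeshellcmd() escapes shell metacharacters rather than SQL, so here the database value is bound through a prepared statement and HTML encoding happens at output. Assumptions: PDO with the SQLite driver is available, and the guestbook table, function names and sample inputs are constructed for illustration.

```php
<?php
// Added example, not the tutorial's code. Assumes PDO with the SQLite driver;
// the guestbook table and all sample inputs are constructed for illustration.

// Validate: trim, then reject empty or over-long input (same 40-char limit).
function validate_text($val, $max = 40)
{
    $val = trim((string) $val);
    if ($val === '' || strlen($val) > $max) {
        return false;
    }
    return $val;
}

// Store: the value is bound as a parameter, so it never becomes SQL text.
function store_message(PDO $db, $msg)
{
    $stmt = $db->prepare('INSERT INTO guestbook (message) VALUES (:message)');
    $stmt->execute([':message' => $msg]);
}

// Display: encode for HTML at output time, so stored markup is shown as text.
function render_message($msg)
{
    return htmlspecialchars($msg, ENT_QUOTES, 'UTF-8');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE guestbook (id INTEGER PRIMARY KEY, message TEXT)');

// Constructed inputs: plain text, markup, quotes, and a 41-character string.
$samples = ['Hello world', '<b>bold</b> <img>', "It's a 'quoted' test", str_repeat('A', 41)];

foreach ($samples as $raw) {
    $clean = validate_text($raw);
    if ($clean === false) {
        echo "rejected: empty or longer than 40 characters\n";
        continue;
    }
    store_message($db, $clean);
}

foreach ($db->query('SELECT message FROM guestbook') as $row) {
    echo render_message($row['message']), "\n";
}
```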

copyright © 2006-2007 http://www.cagedflame.com